Tuesday, May 16, 2017

"While hackers are bound to be a step ahead of experts in most cases,
technologies like machine learning that can automate the function of
malware detection can help," informs Leslie D'Monte, Technology Editor, Mint.

WannaCry, the malware that held over 200,000 individuals across
10,000 organizations in nearly 100 countries to ransom—demanding that
they either cough up money or lose their data—may be on the wane but
this is no time to be complacent.

While hackers are bound to be a step ahead of security experts and
companies in most cases, the answer lies in seeking the help of newer
technologies like machine learning that can automate the function of
malware detection.

What does WannaCry do?

Also going by names such as WannaCrypt, WCrypt, WCRY, WannaDecrypt0r or
WanaCrypt0r 2.0, ransomware WannaCry is designed to prevent access to a
system until a sum of money is paid, usually in bitcoins. The malware is
programmed to spread via SMB (Server Message Block), a protocol specific
to Windows machines to communicate with file systems over a network.

WannaCry takes advantage of the machines that support this protocol but
have not received the critical MS17-010 security patch from Microsoft
that was issued on 14 March.

Once the initial worm module is introduced to a system, according to
Paladion Networks, it scans hosts on the local area network or LAN,
while simultaneously scanning the Internet by generating random internet
protocol (IP) addresses. “If connection to port 445 (traditional
Microsoft networking port) on that random IP address succeeds, the
entire range is scanned, and if port 445 is found open, exploit attempts
are made,” explained Sunil Gupta, president and chief operating officer
of Paladion Networks.
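
As an added illustration (not part of the Mint article or Paladion's analysis), the scanning behaviour described above leaves a recognisable trace in network flow logs: one host contacting many distinct addresses on port 445 within a short time. The Python example below flags that pattern in constructed flow records; the thresholds, the 10.0.0.0/8 LAN range and the function name are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/8")  # assumption: the organisation's internal range

# Constructed flow records (not real traffic): (epoch_seconds, src, dst, dst_port)
SAMPLE_FLOWS = (
    [(1000 + i, "10.0.0.23", f"10.0.0.{i + 1}", 445) for i in range(30)]       # LAN sweep
    + [(1000 + i, "10.0.0.23", f"198.51.100.{i + 1}", 445) for i in range(30)]  # Internet sweep
    + [(1000 + 5 * i, "10.0.0.8", "10.0.0.5", 445) for i in range(40)]          # normal file-server use
    + [(1000 + i, "10.0.0.9", f"203.0.113.{i + 1}", 443) for i in range(40)]    # web traffic, not SMB
)

def smb_fanout_alerts(flows, window=60, max_targets=20, smb_port=445):
    """Flag sources that reach more than max_targets distinct hosts on
    smb_port inside any sliding window of `window` seconds."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == smb_port:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        in_window = defaultdict(int)  # dst -> connections inside the window
        for ts, dst in events:
            in_window[dst] += 1
            # Drop events that have fallen out of the sliding window.
            while events[start][0] <= ts - window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = alerts.get(src, {"targets": 0})["targets"]
            if len(in_window) > max(max_targets, peak):
                external = sum(1 for d in in_window if ip_address(d) not in LAN)
                alerts[src] = {"targets": len(in_window), "external": external}
    return alerts

if __name__ == "__main__":
    for host, info in smb_fanout_alerts(SAMPLE_FLOWS).items():
        print(f"{host}: {info['targets']} SMB targets in 60s, "
              f"{info['external']} outside the LAN")
```

A workstation that talks to a single file server never crosses the threshold, while a host sweeping both the LAN and external addresses on port 445 does; outbound port 445 connections to addresses outside the LAN are unusual for most workstations and worth alerting on by themselves.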

While Microsoft released updates for the unsupported Windows XP and Windows Server 2003 and patches
for the Windows 8 operating systems to combat the attack, no incidents
of Microsoft Windows 10 being affected have been reported till now.

Russia and India were hit, largely because many users, companies and
government departments still use Microsoft’s unsupported Windows XP.
“It indeed is the biggest ransomware outbreak in history in terms of
infections. But as of Saturday morning, the day after the outbreak, it
had only made a measly $25,000, according to our researchers,” said Amit
Nath, head of Asia Pacific-corporate business at F-Secure Corp.

Nature of the ransomware beast

As the name suggests, it is a type of malware that prevents or limits
users from accessing their system, either by locking the system’s screen
or by locking the users’ files unless a ransom is paid.

According
to security experts from Trend Micro Inc., ransomware can be downloaded
on to systems when unwitting users visit malicious or compromised
websites. Some ransomware are known to be delivered as attachments from
spammed email, downloaded from malicious pages through
mal-advertisements, or dropped by exploit kits on vulnerable systems.
Once executed in the system, ransomware can either lock the computer
screen, or, in the case of crypto-ransomware, encrypt predetermined
files...

Can machine learning come to the rescue?

The simplest method to detect malware, security experts will tell you, is
by using the “Hashing” method which checks the existence of a hash (#)
sign in a database. Of course, this is a very tedious exercise. The other
method involves the use of signatures where security experts look for
specific strings in the file. But this, too, can easily be bypassed by
malware authors. Behaviour-based malware detection examines what the
program does when executed.

The question, then, is whether we can automate this process of malware detection with machine learning?

Machine
learning, which enables systems to learn from data sets without having
to be programmed specifically, would be the next best weapon in this
cyber war, Trend Micro security experts believe.
It can take advantage of existing data to determine patterns and use
those patterns to adjust its own actions. It could, thus, provide the
key to detecting ransomware attacks before they become too widespread,
providing the opportunity for an organisation to react ahead of
malicious file encryption.

About Me

Hello, my name is Helge Scherlund and I am the Education Editor and Online Educator of this personal weblog and the founder of eLearning • Computer-Mediated Communication Center.
I have an education in teaching adults and adult learning from Roskilde University, with Computer-Mediated Communication (CMC) and Human Resource Development (HRD) as specially studied subjects. I am the author of several articles and publications about the use of decision support tools, e-learning and computer-mediated communication. I am a member of The Danish Mathematical Society (DMF), The Danish Society for Theoretical Statistics (DSTS) and an individual member of the European Mathematical Society (EMS). Note: Comments published here are purely my own and do not reflect those of my current or future employers or other organizations.